Abstract
Detection and prevention of distributed denial of service (DDoS) attacks are considered to be a keystone of network security. Though a good number of potential solutions have been provided for the detection of attacks, but due to frequent change in attack vectors, a competent technique is essential for combating these new attacks. In this paper, we propose a hybrid method which uses deep neural network (DNN) model for distinguishing DDoS attacks in cloud environment using ant colony optimization (ACO) for learning prime or important hyperparameters for effective classification of DNN. The use of optimal parameters in DNN makes it more accurate for detection of attacks. The proposed approach is validated by comparing its performance w.r.t. parameters detection accuracy, detection rate with the results of three other recent methods based on machine learning. Experiments have been conducted on the CICIDS2017 dataset which is a new benchmark dataset in the area of network security. Proposed approach gives promising results over CICIDS2017 dataset. The detection rate and accuracy are 95.74% and 98.25%, respectively, which are better than state-of-the-art methods.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
References
L. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. Chen, A.V. Vasilakos, Security and privacy for storage and computation in cloud computing. Inf. Sci. 258, 371–386 (2014)
M. Ali, S.U. Khan, A.V. Vasilakos, Security in cloud computing: opportunities and challenges. Inf. Sci. 305, 357–383 (2015)
J. Srinivas, A.K. Das, N. Kumar, Government regulations in cyber security: framework, standards and recommendations. Future Gener. Comput. Syst. 92, 178–188 (2019)
M. Wazid, A.K. Das, V. Bhat, A.V. Vasilakos, LAM-CIoT: lightweight authentication mechanism in cloud-based IoT environment. J. Netw. Comput. Appl. 150, 102496 (2020)
I. Sharafaldin, A.H. Lashkari, S. Hakak, A.A. Ghorbani, Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy, in International Carnahan Conference on Security Technology, pp. 1–8 (2019)
E. Özer, M. Iskefiyeli, Detection of DDoS attack via deep packet analysis in real time systems, in International Conference on Computer Science and Engineering, pp. 1137–1140 (2017)
B. Meng, W. Andi, X. Jian, Z. Fucai, DDOS Attack detection system based on analysis of users’ behaviors for application layer, in IEEE International Conference on Computational Science and Engineering and IEEE International Conference on Embedded and Ubiquitous Computing, Vol. 1, pp. 596–599 (2017)
D. Sun, K. Yang, Z. Shi, Y. Wang, A distinction method of flooding DDoS and flash crowds based on user traffic behavior, in IEEE Trustcom/BigDataSE/ICESS, pp. 65–72 (2017)
J. David, C. Thomas, Efficient DDoS flood attack detection using dynamic thresholding on flow-based network traffic. Comput. Secur. 82, 284–295 (2019)
S. Saharan, V. Gupta, Prevention and Mitigation of DNS based DDoS attacks in SDN Environment, in 11th International Conference on Communication Systems & Networks, pp. 571–573 (2019)
J. Hou, P. Fu, Z. Cao, A. Xu, Machine learning based DDoS detection through netflow analysis, in IEEE Military Communications Conference, pp. 1–6 (2018)
Z.M. Fadlullah, T. Taleb, A.V. Vasilakos, M. Guizani, N. Kato, DTRAB: combating against attacks on encrypted protocols through traffic-feature analysis. IEEE/ACM Trans. Networking 18(4), 1234–1247 (2010)
S.A. Ludwig, Intrusion detection of multiple attack classes using a deep neural net ensemble, in Symposium Series on Computational Intelligence, pp. 1–7 (2017)
M. Idhammad, K. Afdel, M. Belouch, Distributed intrusion detection system for cloud environments based on data mining techniques. Proc. Comput. Sci. 127, 35–41 (2018)
D.A.A.G. Singh, R. Priyadharshini, E.J. Leavline, Cuckoo optimization based intrusion detection system for cloud computing. Int. J. Comput. Network Inform. Secur. 10(11), 42 (2018)
Z. Chiba, N. Abghour, K. Moussaid, M. Rida, Intelligent approach to build a deep neural network based IDS for cloud environment using combination of machine learning algorithms. Comput. Secur. 86, 291–317 (2019)
R. Patil, H. Dudeja, C. Modi, Designing an efficient security framework for detecting intrusions in virtual network of cloud computing. Comput. Secur. 85, 402–422 (2019)
B. Hajimirzaei, N.J. Navimipour, Intrusion detection for cloud computing using neural networks and artificial bee colony optimization algorithm. ICT Express 5(1), 56–59 (2019)
S. Hosseini, M. Azizi, The hybrid technique for DDoS detection with supervised learning algorithms. Comput. Netw. 158, 35–45 (2019)
W. Elmasry, A. Akbulut, A.H. Zaim, Evolving deep learning architectures for network intrusion detection using a double PSO metaheuristic. Comput. Netw. 168, 107042 (2020)
M. Wang, Y. Lu, J. Qin, A dynamic MLP-based DDoS attack detection method using feature selection and feedback. Comput. Secur. 88, 101645 (2020)
I. Sharafaldin, A.H. Lashkari, A.A. Ghorbani, A detailed analysis of the CICIDS2017 data set, in International Conference on Information Systems Security and Privacy, pp. 172–188 (2018)
N. Moustafa, J. Slay, UNSW-NB15: a comprehensive data set for network intrusion detection systems, in Proceedings of the Military Communications and Information Systems Conference, pp. 1–6 (2015)
C. Kolias, G. Kambourakis, A. Stavrou, S. Gritzalis, Intrusion detection in 802.11 networks: empirical evaluation of threats and a public dataset. IEEE Commun. Survey Tutorial 18(1), 184–208 (2016)
R. Lippmann, J.W. Haines, D.J. Fried, J. Korba, K. Das, The 1999 DARPA off-line intrusion detection evaluation. Comput. Network 34(4), 579–595 (2000)
M. Ring, S. Wunderlich, D. Grüdl, D. Landes, A. Hotho, Creation of flow-based data sets for intrusion detection. J. Inform. Warfare 16, 40–53 (2017)
M. Dorigo, T. Stützle, Ant colony optimization: overview and recent advances, in Handbook of metaheuristics, pp. 311–351 (2019)
W. Liu, Z. Wang, X. Liu, N. Zeng, Y. Liu, F.E. Alsaadi, A survey of deep neural network architectures and their applications. Neurocomputing 234, 11–26 (2017)
C.S. Wickramasinghe, D.L. Marino, K. Amarasinghe, M. Manic, Generalization of deep learning for cyber-physical system security: a survey, in 44th Annual Conference of the IEEE Industrial Electronics Society, pp. 745–751 (2018)
A. Ahmim, L. Maglaras, M.A. Ferrag, M. Derdour, H. Janicke, A novel hierarchical intrusion detection system based on decision tree and rules-based models, in 2019 15th International Conference on Distributed Computing in Sensor Systems, pp. 228–233 (2019)
M. Prasad, S. Tripathi, K. Dahal, An efficient feature selection based Bayesian and Rough set approach for intrusion detection. Appl. Soft Comput. 87, 105980 (2020)
Acknowledgements
This research work is supported by Technical Education Quality Improvement Project III (TEQIP III) of MHRD, Government of India assisted by World Bank under Grant Number P154523 and sanctioned to UIET, Panjab University, Chandigarh (India).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Bhardwaj, A., Mangat, V., Vig, R. (2021). Hybrid Deep Neural Architecture for Detection of DDoS Attacks in Cloud Computing. In: Paprzycki, M., Thampi, S.M., Mitra, S., Trajkovic, L., El-Alfy, ES.M. (eds) Intelligent Systems, Technologies and Applications. Advances in Intelligent Systems and Computing, vol 1353. Springer, Singapore. https://doi.org/10.1007/978-981-16-0730-1_5
Download citation
DOI: https://doi.org/10.1007/978-981-16-0730-1_5
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-0729-5
Online ISBN: 978-981-16-0730-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)